DLNA, IGMP Proxy, VLANs, Subnets... Oh, dear...

stephenw10

That's what you see blocked on vlan 20?

I'd try doing a packet capture on vlan 20. Check what igmp traffic is there in either direction.

Steve

nfld_republic

@stephenw10 I am seeing these as being accepted (green check mark); not blocked...

stephenw10

Hmm, OK. Check igmp traffic in a packet capture on vlan 20 then.

Or at least check igmp states on vlan 20.

Steve

nfld_republic

@stephenw10 Hi Steve - Now I am really getting out of my depth (jack of all trades... master of none ).
I did a promiscuous packet capture on VLAN 20 searching only for the media server (20.252) and over the course of about 5 minutes I only saw 4 multicast announcement from the media server. They were Apple Airplay.

nfld_republic

I also increased the TTL on each of the IGMP interfaces to 4. I did not see any change.

nfld_republic

Here's the relevant (I think) part of the capture:

stephenw10

Rather than filter by the server IP I would leave that empty and filter by protocol 'igmp'. We want to be sure the proxy is sending something at least when clients on the downstream side try to find services.

Steve

nfld_republic

@stephenw10 Thanks - here is the VLAN 20 IGMP filter:

stephenw10

Hmm, yeah this is outside what I usually do too.

Was there a client on one of the downstream interfaces trying to connect whilst that was happening?

You might have to use pimd instead. Plenty of others have tried and failed to make this work it seems:
https://forum.netgate.com/post/814716

Steve

nfld_republic

@stephenw10 Hi Steve - two clients on VLAN 25 and 2 on VLAN 30. None of them can find the media server. I tried pimd before (no luck) but I think that you are right - pimd may be a solution.

I wonder if the issue with IGMP proxy being broken since 2.4...

nfld_republic

And...
pimd works!
Now, all we need is a proper pfSense pimd package an interface.

A reminder to anyone else using this:

1. you need to back your pimd.conf file up as any updates will removed pimd and the configuration.
2. you will need to manually configuration pimd.conf and select your interfaces/VLANs appropriately. (obvious but worth stating )
3. make sure you disable IGMP Proxy - they cannot co-exist.

And a big thank you for everyone's input. GREAT FORUM!

stephenw10

Nice! What config did it require?
I doubt it be that difficult. Probably time to open a feature request if it does not already exist: https://redmine.pfsense.org

Steve

nfld_republic

@stephenw10 Not much of a configuration:

# phyint igb0 disable - commented out as not configured
phyint igb1 disable
phyint igb2 disable
phyint igb3 disable
# phyint igb4 disable - commented out as not configured
phyint igb5 disable
phyint igb3.30 enable
phyint igb3.100 disable
phyint igb3.25 enable
phyint igb3.20 enable
phyint igb3.201 disable
phyint ovpns1 disable
phyint ovpns2 disable

# bsr-candidate igb3.20
bsr-candidate priority 5
rp-candidate time 30 priority 20
group-prefix 224.0.0.0 masklen 4
spt-threshold packets 0 interval 100

I likely will have to manually restart pimd restart (not a big deal since the firewall won't be restarting often).

stephenw10

You can start it at boot with a shellcmd easily enough:
https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html

Yeah a gui page to select interfaces and set those options should not be hard. All the code exists in other packages.

Steve

nfld_republic

@stephenw10 Added pimd be added to redmine.